You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openldap

Sigurnosni nedostaci programskog paketa openldap

==========================================================================
Ubuntu Security Notice USN-4078-2
August 19, 2019

openldap vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenLDAP.

Software Description:
– openldap: OpenLDAP utilities

Details:

USN-4078-1 fixed several vulnerabilities in openldap. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
slapd 2.4.31-1+nmu2ubuntu8.5+esm1

Ubuntu 12.04 ESM:
slapd 2.4.28-1.1ubuntu4.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4078-2
https://usn.ubuntu.com/4078-1
CVE-2019-13057, CVE-2019-13565
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdWqyGAAoJEEW851uECx9pwbIP/0Bge2zKmG2nwtC28m+1Qdzi
/0laYasTATLoUbWrFpulkCUyjJa5n/dww1W1Ydtkpzsw6fg/VXAr8TfKkVMKUY/7
4BcpEJQCBsG6TVTAnwG610qO6NokfRuJlUN7w9py8w7CaiUPOMIKlE3QsyWHzAXg
o7Uui/LpNY5rCX8rV+tVBMm2JVaJxuw9CvlkYk2RmhUHJ1YXxjn0w6uxSVfN8Ryg
gOdbcYWnK18ohRdENwkb1WYPCqKC/wgrH6ksoXMLByvVUBgky1GR17h2NLF63lxf
BVKYMZtU+c3/bgbdYvU5tEZBquWP/LxTGlzPQMXqs2orn9fhhcgygMKl99nh8O1x
R89H0K6HCgkBahZUdjL85XL9XOtK0pWavdYvejtH2smS0feyx+RYb2mAnyHONiYj
BiPEdGktPqi0FOh6OtGCZzFNfPr4getCYYULFkF/i5GwjFHS5cJOXycAlfN/kY2N
YY5qkBoerbAB5vgg3lAUDouHiFxA5UwspbnEppUzXFupZexw4wGXRdSlTOOCOOGt
fhwpGDvcz5CxvN/ZzzXgb6DmEf37Y+8TSZOTE4m7Gf/ZZG+QY92yODf/XG0fscBN
pEobt7OZCw2bFTrRvybxQEhVxkgNDvH3yE0Q34UnrDQCRXmY5l4Y0hkWHqWaJtNZ
oJ2H6C7733619qJ+CRhT
=wNCB
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa nova

Otkriven je sigurnosni nedostatak u programskom paketu nova za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close